Practical Notes
- Requires Grafana 9.0+ for full functionality (README requirement)
- Some tool categories are disabled/limited by flags; plan least-privilege RBAC scopes (README RBAC section)
A Least-Privilege MCP Pattern for Observability
Treat your Grafana token like production credentials.
Suggested steps:
- Create a dedicated Grafana service account for MCP.
- Start with read-only operations (dashboard search, summaries).
- Only then enable write tools (dashboard patch/update) when you’re comfortable with the audit trail.
To keep agent context small:
- Prefer summary tools over full dashboard JSON.
- Use JSONPath-style property extraction to pull only what you need.
This makes Grafana automation scalable: the agent can answer “what changed?” and “what’s broken?” without flooding the context window.
FAQ
Q: Do I need a Grafana token?
A: Yes. The README uses GRAFANA_SERVICE_ACCOUNT_TOKEN for authentication.
Q: Can I run it without Docker? A: Yes. The README shows a uvx-based quick start and also Docker/Helm options.
Q: Why does context size matter? A: Dashboard JSON can be huge; use summaries and property extraction to avoid token blowups.